DoorDash
Sr. Security Engineer, Red Team
Job Description
At DoorDash we’re building the industry’s most scalable and reliable delivery network to support our three-sided marketplace of consumers, merchants, and Dashers. Security is paramount to the success of our business, and DoorDash Security aspires to be the world’s best security team. We are committed to protecting our people, partners, customers, and technologies with robust safeguards and unwavering vigilance.
The Security Engineer, Red Team will be responsible for conducting threat intelligence-informed, adversary emulations to simulate real-world cyber attacks and proactively identify security improvement opportunities in the DoorDash environment. This role will work closely with cross-functional teams across the company to assess the security posture of DoorDash’s critical assets and products.
You will report directly to the CISO, with the freedom and accountability to complete full scope red team operations against any valuable objectives in the company, providing a crucial feedback loop for all of our efforts in upholding customer trust.
- Plan and execute realistic adversary simulations using curated threat intelligence to assess security opportunities, and detection and response capabilities
- Exercise range of expertise to include cyber, insider, fraud, and physical security Red Team testing scenarios
- Develop custom tools and payloads to test the DoorDash security posture
- Document assessment plans and report findings for technical and non-technical audiences
- Partner with Blue Teams to escalate emerging threats and develop proactive detection or defensive strategies
- Provide consultation, operational readouts, and expert solutions for complex security challenges impacting DoorDash
- 5+ years of experience in Red Teaming and Purple Teaming
- You are passionate about offensive security and care about improving your craft every day
- Have a deep understanding of adversary mindsets, to include experiential knowledge of advanced persistent threats (APT) and Insider Threat tactics, techniques, and procedures
- Experience partnering with cross-functional teams to secure diverse environments, providing feedback loops that articulate business risks and generate actionable intelligence
- Strong experience with multi-platform and cloud exploitation, and malware development.
- Strong knowledge of one of Kotlin, Java, Python, Powershell or Golang
- Experience using and developing tooling, methodologies and scalable infrastructure to support red team engagements capabilities (e.g. command and control frameworks, phishing environment, exploits)
- Experience with Command and Control (C2) frameworks
- Experience with Defense Evasion to bypass security tooling (e.g. Endpoint Detection and Response)
- Excellent understanding of information security operations related frameworks and standards (e.g., MITRE Att&ck)
- Experience providing technical leadership and guidance, and thinking strategically and analytically to solve problems
- Excellent communication, presentation, and stakeholder management skills
- Engages with a people-first approach, is able to facilitate a conversation rather than dictate it, and is empathetic to divergent viewpoints
We expect this position to be filled by 6/29/25.
The successful candidate's starting pay will fall within the pay range listed below and is determined based on job-related factors including, but not limited to, skills, experience, qualifications, work location, and market conditions. Base salary is localized according to an employee’s work location. Ranges are market-dependent and may be modified in the future.
In addition to base salary, the compensation for this role includes opportunities for equity grants. Talk to your recruiter for more information.
DoorDash cares about you and your overall well-being. That's why we offer a comprehensive benefits package to all regular employees, which includes a 401(k) plan with employer matching, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act) (for salaried roles: flexible vacation, plus 80 hours of paid sick time per year; for hourly roles: vacation accrued at about 1 hour for every 25.97 hours worked (e.g. about 6.7 hours/month if working 40 hours/week; about 3.4 hours/month if working 20 hours/week), and paid sick time accrued at 1 hour for every 30 hours worked (e.g. about 5.8 hours/month if working 40 hours/week; about 2.9 hours/month if working 20 hours/week), 16 weeks of paid parental leave, a wellness benefit, and a commuter benefit match.
Additionally, for full-time employees, DoorDash offers medical, dental, and vision benefits, 11 paid holidays, disability and basic life insurance, family-forming assistance, and a mental health program, among others.
To learn more about our benefits, visit our careers page here.
At DoorDash, our mission to empower local economies shapes how our team members move quickly, learn, and reiterate in order to make impactful decisions that display empathy for our range of users—from Dashers to merchant partners to consumers. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team members who can help us go from a company that is known for delivering food to a company that people turn to for any and all goods.
DoorDash is growing rapidly and changing constantly, which gives our team members the opportunity to share their unique perspectives, solve new challenges, and own their careers. We're committed to supporting employees’ happiness, healthiness, and overall well-being by providing comprehensive benefits and perks including premium healthcare, wellness expense reimbursement, paid parental leave and more.
We’re committed to growing and empowering a more inclusive community within our company, industry, and cities. That’s why we hire and cultivate diverse teams of people from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has room at the table and the tools, resources, and opportunity to excel.
Statement of Non-Discrimination: In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on: race, color, ancestry, national origin, religion, age, gender, marital/domestic partner status, sexual orientation, gender identity or expression, disability status, or veteran status. Above and beyond discrimination and harassment based on “protected categories,” we also strive to prevent other subtler forms of inappropriate behavior (i.e., stereotyping) from ever gaining a foothold in our office. Whether blatant or hidden, barriers to success have no place at DoorDash. We value a diverse workforce – people who identify as women, non-binary or gender non-conforming, LGBTQIA+, American Indian or Native Alaskan, Black or African American, Hispanic or Latinx, Native Hawaiian or Other Pacific Islander, differently-abled, caretakers and parents, and veterans are strongly encouraged to apply. Thank you to the Level Playing Field Institute for this statement of non-discrimination.
Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.
If you need any accommodations, please inform your recruiting contact upon initial connection.
DoorDash
A food delivery service connecting customers with local restaurants and providing on-demand delivery through a network of drivers.
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.